Slack + SendGrid: clear AWS ACM expiry reports
Your certificates don’t usually “fail.” They expire quietly, then show up as a broken checkout page, a 2 a.m. incident, or an awkward customer email. And the worst part is the scramble: hunting through AWS Certificate Manager, copying domains into a spreadsheet, and trying to explain risk to people who don’t live in the AWS console.
If you’re a DevOps lead, you feel this in the uptime metrics. A cloud admin feels it in constant tab-switching. And compliance folks feel it when someone asks, “Do we have proof we check certs regularly?” This AWS ACM reports automation sends one clean weekly summary to Slack and email, so renewals are handled early and reporting is always ready.
Below is the workflow, what it outputs, and how to adapt it for your environment (different channels, different filters, and different reporting styles).
How This Automation Works
The full n8n workflow, from trigger to final output:
n8n Workflow Template: Slack + SendGrid: clear AWS ACM expiry reports
Workflow diagram ("Weekly schedule Flow"), with nodes in execution order:
- Weekly schedule trigger → Get many certificates → Parse ACM Data
- PDF branch: Parse ACM Data → Certificate Summary Markdown.. (model: OpenAI Chat Model1) → Configure metadata → Create document file → Convert to PDF → Send Weekly ACM Report PDF
- Email branch: Parse ACM Data → Certificate Summary HTML Agent (model: OpenAI Chat Model) → Set Workflow Data → Send Weekly ACM Report Email
- In the diagram, Certificate Summary HTML Agent, Set Workflow Data, and Send Weekly ACM Report Email are marked as disabled.
The Problem: Certificate expiry tracking is easy to ignore
AWS ACM makes it simple to store certificates, but it doesn’t make it easy to keep everyone aligned on what’s about to expire and what needs attention. You can click around and spot a risky cert, sure. But doing that every week, across accounts and regions, turns into a recurring chore that nobody “owns” for long. Then the risk hides in plain sight: a cert is in use, renewal is not eligible, and you only find out once the clock is basically at zero. Audits make it worse. Now you’re trying to reconstruct a process after the fact, which is honestly the least fun way to do compliance.
It adds up fast. Here’s where it breaks down in real teams:
- Weekly manual checks in ACM take about 30–60 minutes once you include screenshots, exports, and follow-ups.
- Notes get stuck in DMs or tickets, so the “source of truth” changes every week.
- Someone misses a renewal eligibility detail, which means the risk gets communicated too late.
- Audit requests force a rushed report, and it’s never formatted the same way twice.
The Solution: A weekly ACM expiry report sent to Slack and SendGrid
This n8n workflow runs on a weekly schedule, pulls all AWS ACM certificates, and turns the raw list into a report that a human can actually scan. First, it retrieves certificate records from AWS Certificate Manager. Then it transforms those records (dates, statuses, SANs, renewal eligibility) into a clean structured dataset. From there, OpenAI generates two versions of the same report: a Markdown summary that gets turned into a PDF for Slack, and a styled HTML summary that is sent by email through SendGrid. The result is a predictable weekly heartbeat. The team sees what’s expiring, what’s already expired, and what can’t auto-renew, without anyone opening the AWS console.
The workflow starts with a schedule trigger, then AWS ACM retrieval and a data cleanup step. After that, AI agents draft the Markdown and HTML summaries. Finally, the Markdown becomes a PDF for Slack, and the HTML goes to SendGrid for inbox-friendly delivery.
What You Get: Automation vs. Results
| What This Workflow Automates | Results You’ll Get |
|---|---|
|
|
Example: What This Looks Like
Say your team manages about 50 ACM certificates across a few environments. A “quick” weekly check is often 1 hour: 30 minutes in ACM, then another 30 pulling domains into a message or email people can act on. With this workflow, the weekly trigger runs automatically, the report is generated in the background, and you spend maybe 5 minutes scanning Slack and forwarding one item to the right owner. That’s roughly an hour back each week, plus fewer surprises.
What You’ll Need
- n8n instance (try n8n Cloud free)
- Self-hosting option if you prefer (Hostinger works well)
- AWS Certificate Manager (ACM) to list certificate inventory.
- Slack to receive the weekly PDF report.
- SendGrid to email the HTML summary.
- OpenAI API key (get it from the OpenAI API dashboard).
Skill level: Intermediate. You’ll connect AWS, Slack, and SendGrid credentials, then tweak prompts and report filters if you want them.
How It Works
A weekly trigger kicks it off. n8n runs the workflow on a set schedule (many teams pick Monday morning) so the report arrives before the week gets busy.
AWS ACM certificate data is pulled automatically. The workflow retrieves all certificate records from AWS Certificate Manager, so you’re not exporting CSVs or clicking through the console.
The certificate list is cleaned up and summarized. A transform step normalizes dates and fields like renewal eligibility and SANs, then two OpenAI agents generate a Markdown report and a styled HTML version using that cleaned dataset.
The output is delivered where people will actually read it. The Markdown report is turned into a document and exported as a PDF, then uploaded to Slack. In parallel, the HTML summary is sent via SendGrid for anyone who prefers email or needs it for compliance distribution.
You can easily modify the schedule to run daily, or filter the dataset to only include IN_USE or EXPIRING certificates based on your needs. See the full implementation guide below for customization options.
Step-by-Step Implementation Guide
Step 1: Configure the Scheduled Trigger
Set up the weekly schedule that initiates the certificate reporting workflow.
- Add the Scheduled Weekly Trigger node as the workflow trigger.
- Set the schedule rule to run weekly with triggerAtDay set to 1.
- Connect Scheduled Weekly Trigger to Retrieve ACM Certificates.
Step 2: Connect AWS Certificate Manager
Pull all ACM certificate records from AWS to form the basis of the weekly report.
- Open Retrieve ACM Certificates and set Operation to getMany.
- Credential Required: Connect your aws credentials.
- Verify the connection from Retrieve ACM Certificates to Transform Cert Records.
Step 3: Set Up the Processing Layer
Normalize ACM data into a report-ready structure and split into HTML and Markdown reporting paths.
- Open Transform Cert Records and keep the JavaScript Code as provided to compute summary counts and normalized fields.
- Confirm that Transform Cert Records outputs to both HTML Report Agent and Markdown Report Agent in parallel.
HTML Report Agent and Markdown Report Agent use language models configured in HTML LLM Config and Markdown LLM Config. Add credentials to those parent nodes, not the agents.
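To make concrete what a transform step like Transform Cert Records has to produce, here is an added example; it is not the template's own code. It assumes the input follows ACM's CertificateSummary field names, and the function names, the 30-day window, the `atRisk` flag, and the sample records are illustrative choices.

```javascript
// Added example, not the template's code. Input follows ACM's CertificateSummary shape.
const DAY_MS = 24 * 60 * 60 * 1000;
// ACM's JSON API returns epoch seconds; SDKs and n8n may return ISO strings or Dates.
function toDate(value) {
  if (value === undefined || value === null) return null;
  const d = typeof value === 'number' ? new Date(value * 1000) : new Date(value);
  return Number.isNaN(d.getTime()) ? null : d;
}

function normalizeCert(raw, now, windowDays) {
  const notAfter = toDate(raw.NotAfter);
  const daysLeft = notAfter ? Math.floor((notAfter - now) / DAY_MS) : null;
  let bucket = 'OK';
  if (daysLeft === null) bucket = 'UNKNOWN'; // e.g. PENDING_VALIDATION has no NotAfter
  else if (daysLeft < 0 || raw.Status === 'EXPIRED') bucket = 'EXPIRED';
  else if (daysLeft <= windowDays) bucket = 'EXPIRING';
  const renewalEligible = raw.RenewalEligibility === 'ELIGIBLE';
  return {
    arn: raw.CertificateArn, domain: raw.DomainName,
    sans: raw.SubjectAlternativeNameSummaries || [],
    status: raw.Status, inUse: Boolean(raw.InUse), renewalEligible,
    notAfter: notAfter ? notAfter.toISOString() : null, daysLeft, bucket,
    // In use, expired or inside the window, and not eligible for ACM managed renewal.
    atRisk: Boolean(raw.InUse) && !renewalEligible && ['EXPIRED', 'EXPIRING'].includes(bucket),
  };
}

function buildReport(rawCerts, now = new Date(), windowDays = 30) {
  const certificates = rawCerts.map((c) => normalizeCert(c, now, windowDays))
    .sort((a, b) => (a.daysLeft ?? Infinity) - (b.daysLeft ?? Infinity)); // most urgent first
  const summary = { total: certificates.length, expired: 0, expiring: 0, unknown: 0, atRisk: 0 };
  for (const c of certificates) {
    if (c.bucket === 'EXPIRED') summary.expired += 1;
    if (c.bucket === 'EXPIRING') summary.expiring += 1;
    if (c.bucket === 'UNKNOWN') summary.unknown += 1;
    if (c.atRisk) summary.atRisk += 1;
  }
  return { summary, certificates };
}

// Constructed sample records (placeholder account ID and domains).
const ARN = 'arn:aws:acm:us-east-1:111122223333:certificate/';
const SAMPLE_CERTS = [
  { CertificateArn: ARN + 'a', DomainName: 'api.example.com', Status: 'ISSUED', InUse: true, RenewalEligibility: 'ELIGIBLE', NotAfter: '2025-06-01T00:00:00Z' },
  { CertificateArn: ARN + 'b', DomainName: 'shop.example.com', SubjectAlternativeNameSummaries: ['shop.example.com', 'www.shop.example.com'], Status: 'ISSUED', InUse: true, RenewalEligibility: 'INELIGIBLE', NotAfter: 1736553600 },
  { CertificateArn: ARN + 'c', DomainName: 'old.example.com', Status: 'EXPIRED', InUse: false, RenewalEligibility: 'INELIGIBLE', NotAfter: '2024-12-01T00:00:00Z' },
  { CertificateArn: ARN + 'd', DomainName: 'new.example.com', Status: 'PENDING_VALIDATION', InUse: false, RenewalEligibility: 'INELIGIBLE' },
];
const SAMPLE_NOW = new Date('2025-01-01T00:00:00Z');
console.log(JSON.stringify(buildReport(SAMPLE_CERTS, SAMPLE_NOW).summary));
```

Inside an n8n Code node the input array would come from `$input.all().map((item) => item.json)`, and the returned `certificates` array is the shape the report prompts read through `$json.certificates`. Computing the counts in code rather than in the prompt keeps the numbers in the report deterministic.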
Step 4: Set Up the AI/LLM Report Generators
Generate two report formats from the same certificate dataset.
- In Markdown LLM Config, set Model to gpt-4.1-mini.
- Credential Required: Connect your openAiApi credentials in Markdown LLM Config.
- In HTML LLM Config, set Model to gpt-5-mini.
- Credential Required: Connect your openAiApi credentials in HTML LLM Config.
- Keep the prompt in Markdown Report Agent as-is, including the expression {{ $json.certificates.toJsonString() }}.
- Keep the prompt in HTML Report Agent as-is, including the expression {{ $json.certificates.toJsonString() }}.
certificates array and that both agents receive data.
Step 5: Configure Document Creation and PDF Export
Turn the Markdown report into a Google Doc and export it as a PDF for distribution.
- In Prepare Doc Metadata, set Drive Folder ID to your target folder ID (replace [YOUR_ID]).
- Set Document Content to {{ $json.output }} to pass Markdown from Markdown Report Agent.
- Open Generate Doc File and keep URL set to https://www.googleapis.com/upload/drive/v3/files?uploadType=multipart&supportsAllDrives=true.
- Ensure Raw Content Type is multipart/related; boundary=foo_bar_baz.
- Credential Required: Connect your googleDriveOAuth2Api credentials in Generate Doc File.
- In Export PDF File, set File ID to {{ $json.id }} and keep Operation set to download with Docs conversion to application/pdf.
- Credential Required: Connect your googleDriveOAuth2Api credentials in Export PDF File.
[YOUR_ID] in Prepare Doc Metadata will cause the Google Drive upload to fail. Replace it with a real folder ID.
Step 6: Configure Output Destinations (Slack and Email)
Deliver the PDF to Slack and optionally send an HTML email summary.
- In Dispatch PDF to Slack, set Channel ID to your Slack channel (replace [YOUR_ID]) and customize Initial Comment if needed.
- Credential Required: Connect your slackOAuth2Api credentials in Dispatch PDF to Slack.
- If you want email delivery, enable HTML Report Agent, Set Email Inputs, and Email Weekly Summary (these are disabled by default).
- In Set Email Inputs, replace [YOUR_EMAIL] in SenderEmail and RecepientEmail with real addresses, and set SenderName as needed.
- In Email Weekly Summary, keep Subject as Weekly ACM Report and Content Value as {{ $('HTML Report Agent').item.json.output }}.
- Credential Required: Connect your sendGridApi credentials in Email Weekly Summary.
Step 7: Test and Activate Your Workflow
Validate end-to-end execution before enabling the weekly schedule.
- Click Execute Workflow to run a manual test from Scheduled Weekly Trigger.
- Confirm Retrieve ACM Certificates returns certificate data and Transform Cert Records produces summary counts.
- Verify the parallel outputs: Transform Cert Records should feed both Markdown Report Agent and HTML Report Agent (if enabled).
- Check that Generate Doc File creates a Google Doc and Export PDF File downloads a PDF.
- Confirm the PDF is posted by Dispatch PDF to Slack and the email sends via Email Weekly Summary if enabled.
- When everything looks correct, toggle the workflow Active to enable weekly automation.
Common Gotchas
- AWS credentials can expire or lack ACM permissions. If the fetch fails, check the n8n credential settings and confirm your IAM policy allows listing certificates in ACM.
- If PDF export relies on external processing (document creation or Drive export), timings can vary. Increase any wait time you use and re-run once to confirm the file is fully generated before Slack upload.
- OpenAI report prompts start generic. Bake in your definitions early (what counts as “expiring soon,” what owners should do next), or you will end up editing every weekly report.
Frequently Asked Questions
About 45 minutes if you already have AWS, Slack, and SendGrid access ready.
No. You’ll mainly connect credentials and edit a few fields and prompts in n8n.
Yes. n8n has a free self-hosted option and a free trial on n8n Cloud. Cloud plans start at $20/month for higher volume. You’ll also need to factor in OpenAI API usage (often a few dollars a month for weekly summaries) and any SendGrid email volume you send.
Two options: n8n Cloud (managed, easiest setup) or self-hosting on a VPS. For self-hosting, Hostinger VPS is affordable and handles n8n well. Self-hosting gives you unlimited executions but requires basic server management.
Yes, and it’s a common tweak. Change the Scheduled Weekly Trigger to run daily, then adjust the AI agent prompt to highlight only certificates expiring in your chosen window (like 30 or 60 days). Many teams also modify the Transform Cert Records code step to filter out non-relevant statuses, so the daily message stays short. If you want different recipients per environment, you can duplicate the SendGrid step and route based on tags or account metadata.
Usually it’s IAM permissions or expired credentials. Confirm the AWS credential in n8n can list ACM certificates, then re-save the credential and retry the workflow once. If you’re running across multiple regions or accounts, also check you’re querying the right scope, because an empty response can look like a failure later when the report generator gets no items.
A few hundred certificates is fine for most setups.
Often, yes, because the workflow isn’t just “send data from A to B.” You’re fetching a list, transforming it, generating two formats with AI, and producing a PDF upload, which is the kind of multi-step logic that gets clunky (and pricey) in simpler automation tools. n8n also gives you the option to self-host, which matters if you run lots of internal reports. On the other hand, if you only need a basic reminder email with no formatting and no PDF, Zapier or Make may be faster to set up. Talk to an automation expert if you want a quick recommendation for your stack.
The weekly report becomes boring, and that’s the point. Set it up once, keep renewals ahead of schedule, and let Slack and email do the reminding for you.